Information Disclosure: Debug mode

Identifier: debug_mode

Scanner(s) Support

- GraphQL Scanner
- REST Scanner
- WebApp Scanner

Description

When debug mode is left enabled in production, the application answers failing requests with detailed error information, such as full stack traces, source excerpts, and verbose error messages, that reveals the inner workings of the application to anyone who can trigger an error. This detail helps an attacker understand how the system is built (framework, versions, file paths, internal identifiers) and locate weaknesses to exploit. Developers often enable it during development and forget to turn it off before deployment, exposing internal details that can lead to further attacks, from data leaks up to a full system compromise. The risk is rated high because what looks like a small oversight can hand out a complete roadmap to the vulnerabilities in your code.
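As an added example (not the scanner's own detection logic), the following check illustrates how a defender can recognise debug-mode error pages from the response alone: framework-specific signatures in the body of error responses plus debug headers that some frameworks add even to successful responses. The signatures, header names and sample responses are constructed for this example.

```python
import re

# Illustrative signatures of framework debug/verbose-error pages (constructed
# for this example; not the scanner's own detection logic).
DEBUG_SIGNATURES = {
    "werkzeug_debugger": re.compile(r"Werkzeug Debugger|Traceback \(most recent call last\)"),
    "django_debug_page": re.compile(r"DEBUG = True|Django Version:"),
    "aspnet_error_page": re.compile(r"Server Error in '[^']*' Application\.|Exception Details:"),
    "php_fatal_error": re.compile(r"Fatal error: Uncaught|Stack trace:\s*#0 "),
    "java_stack_trace": re.compile(r"\bat [\w$.]+\([\w$]+\.java:\d+\)|\"trace\"\s*:"),
}
# Symfony's web profiler adds these headers even on successful responses.
DEBUG_HEADERS = ("x-debug-token", "x-debug-token-link")

def check_debug_mode(status: int, headers: dict, body: str) -> list:
    """Return (indicator, evidence) pairs showing the response leaks debug detail."""
    findings = []
    # Body signatures count only on error responses (status >= 400) so that
    # legitimate pages which merely mention stack traces are not flagged.
    if status >= 400:
        for name, pattern in DEBUG_SIGNATURES.items():
            match = pattern.search(body)
            if match:
                findings.append((name, match.group(0)))
    lowered = {k.lower(): v for k, v in headers.items()}
    for header in DEBUG_HEADERS:
        if header in lowered:
            findings.append(("debug_header", f"{header}: {lowered[header]}"))
    return findings

# Constructed sample responses: two leaky error pages and one hardened one.
SAMPLES = {
    "flask_debug": (500, {"Content-Type": "text/html"},
                    "<title>ZeroDivisionError // Werkzeug Debugger</title>\n"
                    'Traceback (most recent call last):\n  File "app.py", line 12, in index'),
    "django_debug": (404, {"Content-Type": "text/html"},
                     "<h1>Page not found (404)</h1> Django Version: 4.2 ... you have DEBUG = True"),
    "hardened": (500, {"Content-Type": "application/json"},
                 '{"error": "Internal Server Error", "request_id": "<placeholder>"}'),
}

def scan_samples() -> dict:
    """Map each sample name to the sorted indicator names it triggers."""
    return {name: sorted({ind for ind, _ in check_debug_mode(*resp)})
            for name, resp in SAMPLES.items()}
```

The hardened sample shows the production shape to aim for: a generic error message plus an opaque request id that lets operators correlate the failure in server-side logs without exposing any internals to the client.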

Configuration

Example

Example configuration:

---
security_tests:
  debug_mode:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type: List[AssetType]

List of assets that this check will cover.

skip

Type: boolean

Skip the test if true.